All geek questions in one place

How to generate RSA private key from * pem string in Java

I want to generate a private key from a string (a .pem file) in Java.

 private static final String test = "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIEpAIBAAKCAQEAvcCH8WsT1xyrZqq684VPJzOF3hN5DNbowZ96Ie//PN0BtRW2\n" + // and so on "-----END RSA PRIVATE KEY-----"; try { String privKeyPEM = test.replace("-----BEGIN RSA PRIVATE KEY-----\n", ""); privKeyPEM = privKeyPEM.replace("-----END RSA PRIVATE KEY-----", ""); byte [] encoded = Base64.decode(privKeyPEM); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded); KeyFactory kf = KeyFactory.getInstance("RSA"); PrivateKey privKey = kf.generatePrivate(keySpec); } catch (Exception e) { e.printStackTrace(); }

The last line (generatePrivate function) throws this exception:

 java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(Unknown Source) at java.security.KeyFactory.generatePrivate(Unknown Source) at Test.main(Test.java:52) Caused by: java.security.InvalidKeyException: IOException : algid parse error, not a sequence at sun.security.pkcs.PKCS8Key.decode(Unknown Source) at sun.security.pkcs.PKCS8Key.decode(Unknown Source) at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(Unknown Source) at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(Unknown Source) at sun.security.rsa.RSAKeyFactory.generatePrivate(Unknown Source) ... 3 more

If I changed the private key to the value from the .der file, it works correctly, but I need to generate the private key file from the .pem file.

I attached a screenshot of the bytes printed as a string (once hardcoded with \ n and once hardcoded without \ n) and once from a file.

Larger view

Output

It is strange that the output from the file is different from the output from the lines.

If I try to encode the .der file with Base64, the result will be different from the line in the .pem file. Why is this so?

+6
source share
1 answer

You say that the last line throws an exception, i.e.

PrivateKey privKey = kf.generatePrivate(keySpec);

Key tuning works on the line, i.e.

PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);

So, the actual problem is with an array of encoded bytes. You did System.out after byte [] encoded = Base64.decode(privKeyPEM); and looked what an exit is.

I understand that if the message is in MIME format, then after certain characters it adds a combination of carriage return and new line, so the lines are not too long for the email system or wherever you use it.

In the final test, String has some "\ n" in the source code that you are using. You’ve gotten rid of the other text in the line below,

 String privKeyPEM = test.replace("-----BEGIN RSA PRIVATE KEY-----\n", ""); privKeyPEM = privKeyPEM.replace("-----END RSA PRIVATE KEY-----", "");

But look at the line,

 "MIIEpAIBAAKCAQEAvcCH8WsT1xyrZqq684VPJzOF3hN5DNbowZ96Ie//PN0BtRW2\n" + // and so on "-----END RSA PRIVATE KEY-----";

it may have a few "\ n" on the left, which may lead to some unwanted characters appearing when creating keys. Try System.out again and see what the encoded byte array looks like, and before that check String privKeyPEM and see if there is an extra character left in it.

Hope it will be.

+1
source

Source: https://habr.com/ru/post/952250/

More articles:


All Articles